Rick,

You want to make sure you upload into a temporary directory that is outside
of the web root first; otherwise, as Leigh pointed out, the mime type could be
spoofed, and the file could be executed before you've even had a chance to
perform any other validation on it. The link got truncated in my email:
http://www.petefreitag.com/item/701.cfm

Once the file is in the temp directory you can give it a new name and move
it under the web root after you have performed your validations.

--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting & Products
http://petefreitag.com/ - My Blog
http://hackmycf.com - Is your ColdFusion Server Secure?




On Thu, Aug 18, 2011 at 1:18 PM, Rick Faircloth <r...@whitestonemedia.com> wrote:

>
> Am I correct? The image upload, using "makeunique" can't be used
> in conjunction with reReplace as in:
>
> <cffile action        =   "upload"
>        filefield     =   "image"
>        destination   =   "#expandPath('images\')##reReplace(image, '[^a-zA-Z0-9_.]', '', 'all')#"
>        accept        =   "image/jpg, image/pjpg, image/jpeg, image/pjpeg"
>        nameConflict  =   "makeUnique" />
>
> It doesn't seem like it should work, since I'm trying to use server side
> CF, while the server is actually receiving the image...
>
> Rick
>
>
>
> 
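
The sequence described in the reply at the top of this message (upload to a temp directory outside the web root, validate, rename, then move under the web root), as an added example that is not part of the original email. The `image` form field comes from the quoted tag; the `images` target folder, the UUID file name and the particular checks are assumptions. Because the final name is generated on the server, the client-supplied name never needs to be cleaned with reReplace.

```cfml
<!--- Added example. Assumed: form field "image", public folder "images" under the web root. --->
<cfset publicDir = expandPath("images")>

<!--- 1. Receive the file in the server temp directory, which is outside the web root --->
<cffile action       = "upload"
        filefield    = "image"
        destination  = "#getTempDirectory()#"
        nameConflict = "makeUnique"
        result       = "upload">
<cfset tempPath = upload.serverDirectory & "/" & upload.serverFile>

<cftry>
    <!--- 2. Validate the stored file itself; the MIME type sent by the browser is not trusted --->
    <cfif NOT listFindNoCase("jpg,jpeg", upload.serverFileExt)>
        <cfthrow type="UploadRejected" message="Extension not allowed">
    </cfif>
    <cfif NOT isImageFile(tempPath)>
        <cfthrow type="UploadRejected" message="File is not a readable image">
    </cfif>

    <!--- 3. Give it a server-generated name and move it under the web root --->
    <cfset newName = createUUID() & ".jpg">
    <cffile action="move" source="#tempPath#" destination="#publicDir#/#newName#">

    <cfcatch type="any">
        <!--- Rejected or failed: delete the temp copy so it never reaches the web root --->
        <cfif fileExists(tempPath)>
            <cffile action="delete" file="#tempPath#">
        </cfif>
        <cfrethrow>
    </cfcatch>
</cftry>
```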

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346849